Revision 1400
Added by FrankH almost 15 years ago
- Security fix in account
- Security fix in admin/media, thanks to hal 9000
| functions.php | ||
|---|---|---|
| 1332 | 1332 |
return $retval; |
| 1333 | 1333 |
} |
| 1334 | 1334 |
|
| 1335 |
|
|
| 1335 |
/* |
|
| 1336 |
* filter directory traversal more thoroughly, thanks to hal 9000 |
|
| 1337 |
* @param string $dir: directory relative to MEDIA_DIRECTORY |
|
| 1338 |
* @param bool $with_media_dir: true when to include MEDIA_DIRECTORY |
|
| 1339 |
* @return: false if directory traversal detected, real path if not |
|
| 1340 |
*/ |
|
| 1341 |
function check_media_path($directory, $with_media_dir = true) |
|
| 1342 |
{
|
|
| 1343 |
$md = ($with_media_dir) ? MEDIA_DIRECTORY : ''; |
|
| 1344 |
$dir = realpath(WB_PATH . $md . '/' . utf8_decode($directory)); |
|
| 1345 |
$required = realpath(WB_PATH . MEDIA_DIRECTORY); |
|
| 1346 |
if (strstr($dir, $required)) {
|
|
| 1347 |
return $dir; |
|
| 1348 |
} else {
|
|
| 1349 |
return false; |
|
| 1350 |
} |
|
| 1351 |
} |
|
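Review bot: The containment test `strstr($dir, $required)` on the new line 1346 does not check that `$dir` starts with the media directory; it only checks that the media path appears somewhere inside the resolved path, and even as a prefix it has no trailing separator, so a sibling such as `media_backup` next to a `media` directory (constructed example) would pass. A prefix comparison anchored on a separator is what the traversal check needs: `if ($dir !== false && $required !== false` / `&& ($dir === $required || strpos($dir, $required . DIRECTORY_SEPARATOR) === 0)) {`. The `!== false` guards matter because `realpath()` returns `false` for a missing path; `$required` being `false` makes the needle empty, and `strstr()` with an empty needle either warns or, on newer PHP, matches everything, which would make the check pass open. Callers should also be told in the docblock that a `false` return must be treated as rejection and not merely as "path not found".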